Legal claims defining the scope of protection, as filed with the USPTO.
1. A data processing system having a cryptographic unit, wherein the cryptographic unit comprises: cryptographic circuitry which performs a first cryptographic function to provide security for a portion of the cryptographic unit, and which performs a second cryptographic function to provide security for a portion of the data processing system external to the cryptographic unit, wherein the first cryptographic function is performed during secure cryptographic operation, and wherein the second cryptographic function is performed during normal cryptographic operation.
2. A data processing system as in claim 1 , wherein the cryptographic unit further comprises: control circuitry which controls transitioning between normal cryptographic operation and secure cryptographic operation, wherein the control circuitry is couples to the cryptographic circuitry.
3. A data processing system as in claim 2 , wherein the control circuitry comprises a user programmable register bit which initiates a transition between normal cryptographic operation and secure cryptographic operation.
4. A data processing system as in claim 2 , wherein the control circuitry comprises a state machine.
5. A data processing system as in claim 1 , wherein the cryptographic unit further comprises: first storage circuitry which stores a first key, wherein the first key is stored in non-encrypted form.
6. A data processing system as in claim 5 , wherein the first storage circuitry is one-time writable storage circuitry.
7. A data processing system as in claim 5 , wherein the cryptographic unit further comprises: second storage circuitry which stores a second key, wherein the second key is decrypted using the first key.
8. A data processing system as in claim 7 , wherein the second storage circuitry stores first configuration information which is decrypted using the first key and wherein the second storage circuitry stores second configuration information which is decrypted using the second key.
9. A data processing system as in claim 8 , wherein once the second configuration information is stored in the second storage circuitry, the first key is no longer used to perform decryption without first exiting secure cryptographic operation.
10. A data processing system as in claim 8 , wherein the first configuration information and the second configuration information are used during secure cryptographic operation and are not used during normal cryptographic operation.
11. A method for providing security in a data processing system having a cryptographic unit, the method comprising: operating in a normal operating mode of the cryptographic unit; entering a first secure operating mode of the cryptographic unit; in the first secure operating mode of the cryptographic unit, using a first key to decrypt first security configuration information, wherein the first security configuration information includes a second key; entering a second secure operating mode of the cryptographic unit; and in the second security operating mode of the cryptographic unit, using the second key to decrypt second security configuration information.
12. A method as in claim 11 , further comprising: performing configuration of the cryptographic unit in at least one of the first and second secure operating modes.
13. A method as in claim 11 , further comprising: returning to the normal operating mode of the cryptographic unit from at least one of the first and second secure operating modes.
14. A method as in claim 11 , further comprising: in the second security operating mode of the cryptographic unit, using at least one descriptor from the second security configuration information to define a security function; and performing the security function.
15. A method as in claim 14 , wherein the step of performing the security function comprises: providing data external to the data processing system.
16. A method as in claim 14 , wherein the step of performing the security function comprises: retrieving third security configuration information; decrypting the third security configuration information using the second key; and storing the decrypted third security configuration information in the cryptographic unit.
17. A data processing system having a cryptographic unit, wherein the cryptographic unit comprises: first storage circuitry for storing a first key; second storage circuitry for storing a second key, first configuration information, and second configuration information; and cryptographic circuitry for performing a first cryptographic function to provide security for a portion of the cryptographic unit, wherein the first cryptographic function uses at least one of the first and second keys, said cryptographic circuitry performing a second cryptographic function to provide security for a portion of the data processing system external to the cryptographic unit, wherein the second cryptographic function uses at least one of the first and second keys, and wherein said cryptographic circuitry decrypts the first configuration information using the first key and decrypts the second configuration information using the second key.
18. A data processing system as in claim 17 , wherein the first key cannot be changed.
19. A data processing system as in claim 17 , wherein the second key is decrypted using the first key.
Unknown
June 2, 2009
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.